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AMENDMENTS TO THE CLAIMS 

Claims 1, 3-11, 14-19 and 34-40 are pending. 
Claim 33 is canceled herein. 

Claims 2, 12, 13, 20-32 and 41 were previously canceled. 

1. (Previously Presented) A method for processing a permission set associated with a 
code assembly received from a resource location to control execution of the code assembly, the 
method comprising: 

receiving the permission set including at least one permission associated with the code 
assembly; 

receiving a set of requestable permissions in association with the code assembly; 

generating a grantable permission set from a subset of the permission set specified by the 
set of requestable permissions prior to run-time execution of the code assembly, 

executing a first level of code assembly functionality if a first optional set of permissions 
specified in the requestable permission set is a subset of the permission set; and 

executing a second level of code assembly functionality if a second optional set of 
permission specified in the requestable permission set is a subset of the permission set 

2. (Canceled). 

3. (Previously Presented) The method of claim 1 wherein the generating operation 
comprises: 
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computing a logical set operation on the permission set and the set of requestable 
permissions to generate the grantable permission set. 

4. (Previously Presented) The method of claim I further comprising: 

comparing the permission set and a minimum permission condition specified by the set of 
requestable permissions; and 

preventing loading of the code assembly, if the permission set fails to satisfy the 
minimum permission condition. 

5. (Previously Presented) The method of claim 1 further comprising: 
preventing execution of the code assembly, if the permission set fails to satisfy a 

minimum permission condition specified by the set of requestable permissions. 

6. (Original) The method of claim 1 further comprising: 

defining a code group collection based on a security policy specification, the code group 
collection including one or more code groups; 

receiving evidence associated with the code assembly; 

evaluating membership of the code assembly in the one or more code groups, based on 
the evidence; and 

generating the permission set based on the membership of the code assembly in the one 
or more code groups. 

7. (Previously Presented) The method of claim 1 wherein the set of requestable 
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permissions specifies a plurality of typed permission request sets, each typed permission request 
set specifying a distinct type of permission preference requested in association with the code 
assembly. 

8. (Previously Presented) The method of claim 1 wherein the set of requestable 
permissions specifies a minimum permission condition in association with the code assembly. 

9. (Previously Presented) The method of claim 8 wherein the generating operation 
comprises: 

filtering the permission set based on the minimum permission condition to generate the 
grantable permission set, such that the grantable permission set includes a subset of the 
permission set. 

10. (Previously Presented) The method of claim 8 further comprising: 
preventing loading of the code assembly, if the minimum permission condition is not a 

subset of the permission set. 

11. (Previously Presented) The method of claim 8 further comprising: 

preventing execution of the code assembly, if the minimum permission condition is not a 
subset of the permission set. 



12-13. (Canceled). 
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14. (Previously Presented) The method of claim 1 wherein the set of requestable 
permissions specifies a refuse request set specifying a set of one or more permissions to be 
omitted from the grantable permission set associated with the code assembly. 

15. (Previously Presented) The method of claim 14 further comprising: 

omitting the set of one or more permissions specified by the refuse request set from the 
set of grantable permissions. 

16. (Previously Presented) The method of claim 1 wherein the set of requestable 
permissions includes an optional request set specifying an optional set of permissions requestable 
in association with the code assembly and a niinimum request set specifying a minimum set of 
permissions requestable in association with the code assembly, and wherein the generating 
operation comprises: 

computing a union of the optional request set and the minimum request set to provide a 
, maximum request set; and 

computing an intersection of the maximum request set and the permission set. 

17. (Previously Presented) The method of claim 16 wherein the set of requestable 
permissions further specifies a refUse request set specifying a set of one or more permissions to 
be omitted from the grantable permission set in associated with the code assembly, and wherein 
the generating operation further comprises: 

subtracting the set of one or more permissions specified in the refuse request set from the 
intersection of the maximum request set and the permission set. 
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1 8. (Previously Presented) The method of claim 1 wherein the operation of receiving 
the set of requestable permissions comprises: 

receiving the set of requestable permissions and the code assembly in a single network 
communication. 

19. (Previously Presented) The method of claim 1 wherein the operation of receiving 
the set of requestable permissions comprises: 

retrieving the set of requestable permissions in a network communication distinct from a 
network communication in which the code assembly is received. 

20-33. (Canceled). 

34, (Previously Presented) A computer program storage medium readable by a 
computer system and encoding a computer program for executing a computer process processing 
a permission set associated with a code assembly received from a resource location, the 
computer process comprising: 

receiving the permission set including at least one permission associated with the code 

assembly; 

receiving a set of requestable permissions in association with the code assembly; 
filtering the permission set based on the set of requestable permissions prior to run-time 
execution of the code assembly; 

executing a first level of code assembly functionality if a first optional set of permissions 
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specified in the requestable permission set is a subset of the permission set; and 

executing a second level of code assembly functionality if a second optional set of 
permission specified in the requestable permission set is a subset of the permission set. 

35. (Previously Presented) A computer program product encoding a computer program 
for executing on a computer system a computer process processing a permission set associated 
with a code assembly received from a resource location to control execution of the code 
assembly, the computer process comprising: 

defining a code group collection based on a security policy specification, the code group 

collection including one or more code groups; 

receiving evidence associated with the code assembly, 

evaluating membership of the code assembly in the one or more code groups, based on 
the evidence; 

generating the permission set based on the membership of the code assembly in the one 

or more code groups; 

receiving a set of requestable permissions in association with the code assembly, 

computing a logical sel operation on the permission set and the set of requestable 
permissions to generate a grantable permission set before execution of the code assembly; 

executing a basic functionality of the code assembly if an optional set of permissions 
specified in the set of requestable permissions is not a subset of the permission set; and 

executing an enhanced functionality of the code assembly if the optional set of 
permissions specified in the set of requestable permissions is a subset of the permission set. 
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36. (Previously Presented) The computer program product of claim 35 wherein the set 
of requestable permissions includes an optional request set specifying an optional set of 
permissions requestable in association with the code assembly and a minimum request set 
specifying a minimum set of permissions requestable in association with the code assembly, and 
wherein the computing operation comprises: 

computing a union of the optional request set and the minimum request set to provide a 
maximum request set; and 

computing an intersection of the maximum request set and the permission set. 

37. (Previously Presented) The computer program of claim 36 wherein the set of 
requestable permissions further specifies a refuse request set specifying a set of one or more 
permissions to be omitted bom the grantable permission set in associated with the code 
assembly, and wherein the computing operation farther comprises: 

subtracting the set of one or more permissions specified in the refuse request set from the 
intersection of the maximum request set and the permission set. 

38. (Previously Presented) The method of claim 1, wherein the set of requestable 
permissions comprise characteristics of the permissions needed by the code assembly. 

39. (Previously Presented) The method of claim 1, further comprising controlling 
execution of the code assembly based upon the grantable permission seL 
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40. (Previously Presented) The method of claim 39, wherein controlling execution of 
the code assembly comprises: 

receiving a permission request associated with the code assembly; and 
selectively granting the requested permission as a function of the grantable permission set 
during run-time execution of the code assembly. 

41. (Canceled). 
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